John McBride jpmcb

@jpmcb
jpmcb / hacker.md
Created November 25, 2020 18:09
To Catch a Hacker - NPM Event Stream

To Catch a Hacker - NPM Event Stream

(Note: this post is from a legacy blog dated 12/14/2018 and some content or links may have changed)

A few weeks ago, this issue was opened on a popular Node NPM package called Event Stream. This package enables Node streams to be simpler and streamlines many I/O operations within Node. Regardless, this package is a key dependency for many other Node packages and has over 1 million downloads per week from NPM. The newly opened issue initially questioned a new, suspicious dependency that was pushed by a new, unknown maintainer. I was lucky enough to follow the community's investigation into this issue and now, I hope to present the findings here. My goal with this piece is to hopefully shed some light on how easy it is for somebody to inject malicious code into NPM packages, the responsibility of open source maintainers, and the responsibility of the community.

The Malicious Code

A GitHub user noticed that

@jpmcb
jpmcb / vim-tips.md
Created November 25, 2020 18:08
Super Vim Tips!

Vim tips!

(Note: this is a post from a legacy blog. This post was intended to help new OSU students get started with Vim)

I'd consider myself some sort of Vim evangelist. It's an incredible tool and has a LOT of power. If there's something you wish Vim could do, there's probably a plugin for it or a way to make Vim do it with scripting (in its own language!). Moderate proficiency in Vim is a skill that nearly every developer could benefit from. Being able to modify files directly on a server is necessary in almost every development sphere.

Get Vim

Most Unix-like operating systems (including macOS) should come pre-packaged with Vim. If not, you can install it with yum:

yum install vim
@jpmcb
jpmcb / slack-api.md
Created November 25, 2020 17:56
Slack is watching ...

Slack is watching ...

(Note: this is from a blog archive dated 2019/01/21. These opinions are my own and the Slack API may have changed)

TLDR: The Slack API exposes endpoints for a token holder to read all public and private messages.

In today's world, violations of privacy are no surprise. Between all the leaks and data dumps, many people have accepted this as "just the world we live in". But what if information was exposed that could be used to judge your work performance? Or steal your company’s intellectual property?

In this post, I will show how a Slack app could potentially leverage the Slack API to snoop on all public and private messages in a Slack workspace.

The veil of privacy

@jpmcb
jpmcb / rethinkdb-cookbook.md
Created November 25, 2020 17:55
RethinkDB Basics - JSON based database

RethinkDB cookbook

(Note: this is from an old blog archive dating 2018/11/05. Some things with Rethink have very likely changed)

RethinkDB is a JSON based, non-relational database that provides a promise oriented, Node JS backend. It integrates seamlessly with JSON type data and is a production ready option for Node infrastructures.

Pre-reqs: Docker, Node, NPM

This post will serve as a brief overview of RethinkDB and hopefully give you a taste of how it works and why a JSON based database might be beneficial for you and your product. You should have some knowledge of docker for this tutorial, but it's not required. However, knowledge of Node and JavaScript will be necessary.

Run the official Docker Image

You can pull and run the official rethink docker image to start the database locally. Simply give it a name and you're on your way!

@jpmcb
jpmcb / docker-centos.md
Created November 25, 2020 17:52
Docker Cent-OS: from 2018/11/12

When trouble comes to town, use Docker!

If you are a CS 344 student, then you've been told to develop exclusively on the OS1 server. Unfortunately, this server is frequently nuked by fork bombs. If you are unable to run a full CentOS virtual machine, then here is a step by step guide to getting a CentOS docker container running on your computer. This way, you can continue to work on your assignments in a similar environment to OS1 and not have to have a full virtual machine running!

Note: when a "host" is referenced, this is in regard to your own laptop and your own environment, not any container or virtual machine you might have running.

1. Get Docker

You can download and install Docker at this link

Docker creates operating system level virtualization through "containers". It’s a lot like a traditional Virtual Machine, but containers are run through the host system kernel while maintaining their own software libraries and configurations. In short, containe

@jpmcb
jpmcb / README.md
Last active November 25, 2020 17:42
Go state asynchronous patterns

Performance in golang channels

These simple Go tests check the "leaky-ness" of using channels in Go. There are two methods described here; one using both a local context, and the parent context. When tests are run against both, the LeakyAsync method runs faster, but fails the leak checker as goroutines are not resolved or cleaned up.

In a production system with possibly thousands of goroutines being spun up, this could result in massive memory leaks and a deadlock situation in the Go binary.

It's recommended to use the leakchecker library to determine if goroutines get cleaned up.

@jpmcb
jpmcb / index.html
Created December 30, 2016 19:40
World Clock and timer
<h1>Current Time</h1>
<h2 id="clock"></h2>
<div id="PomodoroTimer">
<div><h2>Pomodoro Clock</h2></div>
<div><h4 id="timerDisplay"></h4></div>
<div><button id="addTime">+</button></div>
<div><button id="pause">Start</button></div>